Snort mailing list archives
SNORT and dropping spoofed packets
From: Ameen Al-Azzawi via Snort-sigs <snort-sigs () lists snort org>
Date: Fri, 14 Jan 2022 23:12:17 +0100
Hi everyone,

I have attached a pic of my topology (hopefully it goes through this mailing list). The topology represents a DS-Lite technology basic structure. IPIP6 tunnel has been built between B4 & AFTR machines.

I have an attacking scenario and want to mitigate it. I am sending (through my attacker machine) a crafted packet of IPv4 in IPv6 packet while spoofing the IP address of the B4 router (2001:db8:0:1::2). The target is AFTR ens34 interface. I have installed and configured snort to work in INLINE mode on AFTR machine.

The question is: what kind of rule should I use? Is it even possible with SNORT?

Regards
Ameen